Skip to content

Instantly share code, notes, and snippets.

View 0xbharath's full-sized avatar
:shipit:
Joy of programming! <img src=1>

Bharath 0xbharath

:shipit:
Joy of programming! <img src=1>
View GitHub Profile
@0xbharath
0xbharath / github_bugbountyhunting.md
Created October 3, 2017 09:02 — forked from EdOverflow/github_bugbountyhunting.md
My tips for finding security issues in GitHub projects.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output
@0xbharath
0xbharath / emails_from_ct_logs.py
Created January 17, 2018 13:03
A script to extract emails from Certificate Transparency logs
from __future__ import print_function
__author__ = 'Bharath'
__version__ = "0.1.0"
try:
import psycopg2
except ImportError:
raise ImportError('\n\033[33mpsycopg2 library missing. pip install psycopg2\033[1;m\n')
sys.exit(1)
@0xbharath
0xbharath / find-subdomains.bash
Created April 22, 2018 17:02
A quick and dirty bash one-liner to find sub-domains using certspotter API
find-cert()
{ curl -s https://certspotter.com/api/v0/certs?domain=$1 | jq -c '.[].dns_names' | grep -o '"[^"]\+"'; }
@0xbharath
0xbharath / subdomain_enum_vt.bash
Created April 25, 2018 09:56
A simple bash function to enumerate sub-domains using VirusTotal
find-subdomains-vt()
{ curl -s https://www.virustotal.com/ui/domains/$1/subdomains\?limit\=$2 | jq .data[].id; }
Python debugger:
Stop programs mid execution
Examine it line by line
Look at the contents of the variable in the middle of the execution
Any python script can be set to be debugged
2 ways to start the debugger:
import pdb; pdb.set_trace()
python -m pdb script.py
SELECT distinct issuer_ca_id, COUNT(*) FROM certificate_identity ci WHERE ci.NAME_TYPE = 'dNSName' AND reverse(lower(ci.NAME_VALUE)) LIKE reverse(lower('%gov.in')) GROUP BY issuer_ca_id ORDER BY COUNT(*) desc;
SELECT certificate_id,issuer_o,issuer_cn FROM ccadb_certificate WHERE certificate_id IN(SELECT distinct certificate_id FROM certificate_identity ci WHERE ci.NAME_TYPE = 'dNSName' AND reverse(lower(ci.NAME_VALUE)) LIKE reverse(lower('%appsecco.com')));
SELECT distinct ca.name, COUNT(*) count FROM certificate_identity ci, ca ca WHERE ci.NAME_TYPE = 'dNSName' AND reverse(lower(ci.NAME_VALUE)) LIKE reverse(lower('%gov.in')) AND ca.id=ci.issuer_ca_id GROUP BY ca.name ORDER BY count desc;
@0xbharath
0xbharath / find-aws-region.py
Last active November 12, 2019 00:10
A quick script to determine AWS Region from IP Address
from ipaddress import ip_network, ip_address
import json
import requests
import sys
def find_aws_region():
ip_json = requests.get('https://ip-ranges.amazonaws.com/ip-ranges.json')
#ip_json = json.load(open('ip-ranges.json'))
ip_json = ip_json.json()
prefixes = ip_json['prefixes']
/blog
/blog/
/blog/blog.rss
/blog/page-data/
/blog/page-data/app-data.json
/blog/sw.js
/blog/_wpeprivate/config.json
/books
/.bower.json
/bower.json
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.